Correction: Thinking mod_usertrack through for an ad-network... (for
this module is the modified one)
On 8-5-2012 23:14, Rob van Eijk wrote:
> All,
>
> Thinking mod_cookietrack through for an ad-network. For the sake of
> the thought experiment, let's assume all 3rd parties involved use
> mod_cookietrack:
>
> 1. On a first visit, a user visits a site, which uses 3rd parties to
> serve an ad through an ad-chain with real time bidding.
> 2. If DNT=1, and no exceptions have been granted by the user, no
> cookies with unique identifiers are set by 3rd parties and as a
> result, only a non-personalized ad is the result.
> 3. If, for example on auto-refresh of the ad after a few seconds, a
> personalization of the ad is initiated, then the exception API is
> called, to ask for a firstparty/known-parties exception. At that
> point, most of the parties involved with the ad-network flow are
> known. For those known parties an exception can be asked. After
> granting the exception, cookies with unique identifiers can be set by
> the 3rd parties with an exception.
> "first-party": [
> "example_A",
> "example_B",
> "example_A"
> ]
> 4. Only the part of the ad-chain where real time bidding for the ad is
> involved will result in an unknown number of 3rd parties. Parties can
> bid for 'a' user not tied to a unique identifier, not 'the' user.
> 5. The party with the highest bid can serve the ad, but without
> setting a unique identifier. If this party wants to find out more about
> the user to whom the personalized ad was served, and needs a unique
> identifier to do so, the party can call for a site or web-wide exception.
>
> => Maybe putting all the weight on the JavaScript API to solve the
> site/* problem is too much to solve the problem. Maybe we need to
> include normative text for the server-side. Something like:
>
> <normative text>
> 3rd parties operating in a 1st party context MUST NOT set cookies with
> unique identifiers on a first visit of a user. Instead they SHOULD ask
> for an exception.
> </normative text>
>
>
> Rob
>
> On 8-5-2012 21:44, Rob van Eijk wrote:
>> Kimon,
>>
>> Let me make a proactive step here. Recently we touched upon
>> mod_cookietrack
>> (http://lists.w3.org/Archives/Public/public-tracking/2012May/0040.html).
>> One of the things that struck me, is that with a small modification
>> of mod_usertrack, the author was able to tackle an interesting point:
>> (https://github.com/jib/mod_cookietrack/blob/master/DOCUMENTATION)
>>
>> "mod_usertrack does not set the cookie on the incoming request, only
>> on the outgoing request. This means your application doesn't know
>> what UUID to use for the first visit of a user."
>>
>> Is this server-side behavior in any way useful for the
>> explicit-explicit exception pairs?
>>
>> Rob
>>
>> On 8-5-2012 21:17, Mike Zaneis wrote:
>>> I'm sorry but I object to this line of advocacy and cajoling by the
>>> Article 29 Work Group. The W3C Working Group's mission is not to
>>> create an EU compliance Mechanism, if that happens to occur as part
>>> of our work then so be it, but it is nowhere in our charter and we
>>> should not be continually pressured to work towards that end.
>>>
>>> Mike Zaneis
>>> SVP & General Counsel, IAB
>>> (202) 253-1466
>>>
>>> On May 8, 2012, at 2:35 PM, "Rob van Eijk" <rob@blaeu.com> wrote:
>>>
>>>> Well,
>>>>
>>>> At least one thing is for sure: tracking cookies need prior consent
>>>> of the user. There is no uncertainty about that. There is some
>>>> debate on a possibly very limited list of functional cookies.
>>>>
>>>> One of the latest public documents on the status of the
>>>> implementation is here (disclaimer: I haven't checked it in detail):
>>>> http://www.twobirds.com/English/News/Articles/Documents/Implementation_ePrivacy_Directive-Apr2012.pdf
>>>>
>>>>
>>>> There is a catch-22 here, because law makers are looking closely at
>>>> the outcome of W3C DNT process. Some find it very hopeful, some
>>>> think it will not lead to compliance.
>>>>
>>>> So I encourage the group to try to get the TPE out of the impasse.
>>>> Please tell me, if DNT is not going to have any additional value in
>>>> comparison to the current opt-out systems. Because if DNT will not
>>>> be able to offer a rich granular dialog 'under the hood' of the
>>>> browser, DNT is not going to have the outcome many of us have been
>>>> hoping for.
>>>>
>>>> Rob
>>>>
>>>> On 8-5-2012 0:42, Kimon Zorbas wrote:
>>>>> That leaves us all (except for some lawyers) with frustration and
>>>>> uncertainty how the law will be enforced.
>>
>>